Can you spot the payment security threats to your business?

Regardless of the type of business you operate, if you accept credit or debit cards, you’re responsible for protecting your customers’ sensitive data from theft and misuse. If you don’t, you could experience a data breach, fraudulent transactions, more chargebacks, penalty fines from the major credit card brands, legal fees, and more. The threats your business faces on a daily basis aren’t always obvious, especially if you don’t know where to look, or what to look for. Take a quick break to test your ability to spot potential threats to this fictional coffee shop. Can you find all four?

The four threats in the coffee shop challenge: Skimmer, Unsecure Wifi, Non-EMV, Lost Credit Card.

This average quick-service restaurant scene probably doesn’t scream “security vulnerability” to you at first glance. But as demonstrated in the challenge above, just because security threats don’t announce themselves with a giant warning sign and caution tape, that doesn’t mean they aren’t there. The same is true for your own business. Things you don’t necessarily notice, but encounter every day, actually pose serious threats to your business. So, how can you spot and eliminate threats at your business? Let’s walk through the basics.

Protecting systems

The basic security protocols for your personal computer apply to your business systems as well. Good system hygiene includes virus scanning and protection software, strong password protocols, and firewalls. Businesses also need to consider the vulnerabilities remote access presents, since it’s common to use a third-party vendor who may need access to all or part of your business system from time to time. Best practices for remote access are to limit access to business-crucial tasks, assign one password per user, and always close the access point when it is no longer immediately needed.

It’s also prudent to regularly inspect your credit card terminals to ensure they haven’t been tampered with. Skimming devices are popular among fraudsters, who collect credit card data by installing their own magnetic stripe reader on your terminal to steal data as you’re processing transactions. Skimmers often mimic the legitimate swiper, fitting on top of or inside of it without drawing attention to themselves. Physically checking the integrity of your card reader is a good idea. Alerting your staff to popular fraud tactics like skimming can help you foster vigilance among employees, which is an important aspect of merchant card data security and anti-fraud measures.

Adhering to PCI compliance regulations is a great way to keep your systems secure and free from tampering by hackers and fraudsters. The PCI council has identified 12 crucial steps, including the few discussed above, to help merchants protect themselves. And PCI compliance assistance programs make it even easier to ensure that you’re maintaining compliance and closing all potential vulnerabilities to fraud.

Protecting credit card transactions

Every time you run a transaction, you’re exposing payment data to the possibility of theft. If you’re not using an encryption technology, the moment you swipe a card, the card number is exposed in the system and therefore can be stolen if a hacker breaches your system. The card number and the sensitive data needed for authorization are at risk while the transaction is being processed and returned with an authorization or decline. But POS systems and credit card terminals can have encryption technology built in, so that the card number is instantly and perpetually masked with characters and symbols that have no value to the thief.

Similarly, some business operations require a card to be kept on file for future transactions like tip adjustment and recurring payments. Tokenization works similarly to encryption, but is used to mask real card numbers at rest in the POS system or terminal.

EMV technology protects transactions from fraud. If you accept a chip-based credit card without an EMV-enabled terminal, you could be liable for any fraud that occurs as a result. When you use EMV, a cloned or counterfeit credit card will not work since the data needed to complete the transaction resides in the chip and is theoretically impossible to duplicate.

Protecting cardholders

Everything we’ve discussed to this point is ultimately about information security and protecting cardholders. Being aware of the dangers of exposed credit card information is crucial to securing your business from fraud and theft. Seemingly harmless actions, like leaving new hire candidates’ resumes in a pile on the countertop with their personal information visible, expose personal data to potential criminals. Similarly, viewing a customer profile with sensitive data in view of other customers is risky behavior that should be discussed and avoided.

Your employees have access to most of the fraud strategies we’ve discussed in this article. Have you performed background checks to ensure you have a trustworthy staff? Have you spoken to them about the importance of keeping cards secure if they must be removed from the customer’s physical presence? Are they trained to recognize the signs of fraud at the POS? It’s important to create a company-wide policy for these things, and to regularly update it and review it with your staff.